Coppersmith, Franklin, Patarin, and Reiter show that given two RSA cryptograms xe mod N and (ax + b)e mod N for known constants a, b ∈ ZN , one can compute x in O(e log2 e) ZN -o...
To sign with RSA, one usually encodes the message m as µ(m) and then raises the result to the private exponent modulo N. In Asiacrypt 2000, Coron et al. showed how to build a secu...
We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experimen...
David Naccache, Phong Q. Nguyen, Michael Tunstall,...
Sanitizable signature schemes, as defined by Ateniese et al. (ESORICS 2005), allow a signer to partly delegate signing rights to another party, called the sanitizer. That is, the s...
Anja Lehmann, Christina Brzuska, Dominique Schr&ou...
ded abstract of this work will appear in Public Key Cryptography — PKC 2012. This is the full version. We propose a general framework that converts (ordinary) signature schemes ...